The present invention relates to a system for providing secure access, and to a secure access method. In particular, the present invention relates to a system and method for providing secure access to management information in an open management system.
Open management systems are non-proprietary management systems that use standard technology to allow client programs to access management information in an enterprise environment. Open management systems provide a consistent definition and structure of data, including expressions for elements such as object classes, properties, associations and methods.
To ensure interoperability across a network comprising different types of programs and devices, where these programs and devices are provided by different vendors, open management systems provide an interface for requesting and for describing data about programs and devices. This interface enables administrators and software management programs to access the same type of information from many different types of devices and programs on different platforms (for example, different operating systems) using the same commands.
This open management system interface is made publicly available to allow clients to be programmed to browse and query management information via the management system. The management information may relate to software resources (such as installed programs), and/or hardware resources (such as storage devices, and memory).
It is proposed herein to use an open management system in a self-service terminal (SST), such as a kiosk or an automated teller machine (ATM).
Self-service terminals are generally public-access devices that are designed to allow a user to conduct a transaction or to access information in an unassisted manner and/or in an unattended environment. SSTs typically include some form of tamper resistance (in both hardware and software) so that they are inherently resilient to faults and unauthorized access. SSTs include: ATMs; non-cash kiosks that allow users to access information (for example, to view reward points on a reward card the user has present to the SST); and kiosks that accept payment for services (for example, Web surfing kiosks, photo printing kiosks, kiosks that allow users to buy goods, and such like). The term SST has a relatively broad meaning and may include vending machines and photocopiers.
An ATM is one type of SST, and typically includes a cash dispenser for dispensing currency to a user subsequent to identifying the user and validating that the user has sufficient funds to cover the amount of currency to be dispensed.
An ATM includes a variety of different hardware devices, and typically executes an operating system, a run-time platform to augment the operating system, and one or more control programs.
The run-time platform is used for (i) interfacing with the operating system, (ii) providing device drivers for non-standard computing devices (for example, cash dispenser devices), and (iii) providing industry-standard interfaces (application programming interfaces (APIs)) to the control program and any other programs executing on the ATM. These industry-standard interfaces enable the control program to use standard commands (i) to make use of self-service devices (PIN pads, cash dispensers, and such like), and (ii) to obtain device status and fault management information.
The control program (CP) typically includes a transaction processing component (TPC) and a management component (MC).
The TPC offers a user a suite of transactions and services. The TPC provides the presentation functionality to guide the user through steps involved in a user-selected transaction, and provides the processing logic to lead the ATM 10 through steps involved in performing the user-selected transaction.
The management component (MC) records status, fault, and other information about the ATM, and captures and handles errors to ensure that the ATM does not unexpectedly go out of service. Furthermore, the MC provides supervisory functions to monitor and test operation of the devices and programs in the ATM.
To ensure that these devices and programs are operating correctly, an ATM has an elaborate state of health system. This state of health system also ensures that service personnel have access to diagnostic information about how the ATM is operating. This information typically includes logs and tallies about (i) the operations that each device has performed, (ii) the number of times a device has been used, (iii) any error messages reported by a device, and such like.
Different service personnel may have different levels of access to the ATM. For example, there may be three types of service personnel. A first type of service personnel may only be authorized to clear media jams, replenish non-currency media (such as receipt paper), and such like. These personnel are generally referred to as first line maintenance personnel and typically do not require any tools to perform their maintenance functions. A second type of service personnel may be authorized to perform diagnostic tests on some ATM devices, to reset certain logs and counters, and such like. These personnel are generally referred to as second line maintenance personnel, and typically carry a set of tools to help them perform their maintenance functions. A third type of service personnel may be authorized to replenish currency in the ATM. These personnel are generally referred to as currency replenishers, and typically do not perform any maintenance functions.
It is also important to ensure that each of the three types of authorized service personnel only has access to information consistent with their level of authorization. For example, only second level maintenance personnel should have access to certain highly secure information, such as tamper detection information; and only currency replenishers should have access to currency replenishment operations.
To provide a value-added maintenance service, an ATM vendor prefers to restrict access to detailed diagnostic information to service personnel associated with, or approved by, that vendor. It is therefore desirable to be able to restrict access to the most detailed information to those service personnel who are authorized by the ATM vendor, rather than to personnel who are authorized by the ATM owner. This is relatively easy to achieve if the ATM vendor uses proprietary hardware and software; however, to reduce the cost of an ATM, it is desirable to include as many non-proprietary devices and applications as possible, such as a Microsoft (trade mark) Windows (trade mark) operating system.
The Windows (trade mark) operating system includes an open management system referred to as Windows Management Instrumentation (WMI), which is proposed herein to be used to provide the state of health system in an ATM.
One disadvantage of using WMI is that it is an open management system, so there is no simple way to provide a level of access control to WMI that allows an ATM vendor to include intelligent management information and to discriminate between vendor authorized and vendor unauthorized client access thereto. WMI does provide a mechanism for using Windows (trade mark) authentication (such as domain logon credentials) as an authorization mechanism, but the set-up and management of Windows (trade mark) users controlled by the ATM owner, who has access to the ATM operating system, not the ATM vendor.